Analysis Task

Analysis Type | VM Label | Start Time | End Time | Duration
File (Windows) | win7-sp1-x64-hpdapp01-1 | 2019-01-22 03:04:54 | 2019-01-22 03:07:24 | 150 seconds

Maldun Score

3.4

Suspicious

File Details

File name 暴风压力测试.exe
File size 1486848 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 48c25d7bb26162ab8e70ca4ebf69ded7
SHA1 bafde001944470ad4d8898f688be78d4f9b20108
SHA256 0914208ae470394177520817ab085e3bba82f1d8f2e35108b95d867cfc83ba8a
SHA512 9fba16a82062f12093294391b2b59b9b52001998aa9c38b23221be59ca25e57dd6ff389564b31d39f1480c4a792c6c1afef1dbf298d84adf2a576e5fc1f48c34
CRC32 214CE085
Ssdeep 24576:HRPuJu19+9BN+8qQh9eEj9vv8tBMk8+sz:UU19ABE85h9eEjGMk

Screenshots



Summary


PE Information

Image base 0x00400000
Entry point 0x0040f6bf
Declared checksum 0x00000000
Actual checksum 0x00178f44
Minimum OS version required 4.0
Compile time 2015-01-28 17:43:42
Import hash c4ef31e92ea9020cc1b01ad1c92b3d88

Version Information

LegalCopyright
InternalName
FileVersion
CompanyName
PrivateBuild
LegalTrademarks
Comments
ProductName
SpecialBuild
ProductVersion
FileDescription
OriginalFilename
Translation

PE Sections

Name | Virtual Address | Virtual Size | Raw Data Size | Characteristics | Entropy
.text 0x00001000 0x000103f2 0x00011000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 5.87
.rdata 0x00012000 0x00004fb0 0x00005000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.62
.data 0x00017000 0x00001584 0x00002000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 3.90
.rsrc 0x00019000 0x001510e8 0x00152000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.50

Imports

Library: MFC42.DLL:
Library: MSVCRT.dll:
0x412418 _except_handler3
0x41241c __set_app_type
0x412420 __p__fmode
0x412424 __p__commode
0x412428 _adjust_fdiv
0x41242c __setusermatherr
0x412430 _initterm
0x412434 __getmainargs
0x412438 _acmdln
0x41243c _XcptFilter
0x412440 _exit
0x412444 _setmbcp
0x412448 __CxxFrameHandler
0x41244c rand
0x412450 srand
0x412454 time
0x412458 free
0x41245c malloc
0x412460 atoi
0x412464 _CxxThrowException
0x412468 exit
0x41246c _mbscmp
0x412470 sscanf
0x412474 strncpy
0x412478 strcspn
0x41247c strstr
0x412480 sprintf
0x412488 __dllonexit
0x41248c _onexit
0x412490 _controlfp
Library: KERNEL32.dll:
0x412048 FreeLibrary
0x41204c GetProcAddress
0x412050 LoadLibraryA
0x412054 CreateThread
0x412058 GetCurrentProcess
0x41205c GetModuleHandleA
0x412060 GetStartupInfoA
0x412064 GetSystemInfo
0x412080 GlobalFree
0x41208c GlobalAlloc
0x412090 GetLastError
0x41209c WaitForSingleObject
0x4120a0 CloseHandle
0x4120a4 SetPriorityClass
0x4120ac TerminateThread
Library: USER32.dll:
0x4124a0 CopyRect
0x4124a4 IsChild
0x4124a8 LoadStringA
0x4124ac GetDlgCtrlID
0x4124b4 GetSystemMetrics
0x4124b8 OffsetRect
0x4124c0 WindowFromPoint
0x4124c4 ClientToScreen
0x4124c8 DrawIconEx
0x4124cc InflateRect
0x4124d0 SetWindowRgn
0x4124d4 ReleaseDC
0x4124d8 GetDC
0x4124dc GetCursorPos
0x4124e0 GetIconInfo
0x4124e4 AppendMenuA
0x4124e8 GetSystemMenu
0x4124ec GetWindowRect
0x4124f0 IsIconic
0x4124f4 GetWindow
0x4124f8 ScreenToClient
0x4124fc KillTimer
0x412500 SetTimer
0x412504 GetSysColor
0x412508 FillRect
0x41250c IsWindow
0x412510 LoadIconA
0x412514 GetParent
0x412518 LoadCursorA
0x41251c SetCursor
0x412520 SetWindowLongA
0x412524 GetClientRect
0x412528 PtInRect
0x41252c SetCapture
0x412530 InvalidateRect
0x412534 ReleaseCapture
0x412538 DrawIcon
0x41253c SetFocus
0x412540 SendMessageA
0x412544 EnableWindow
0x412548 wsprintfA
0x41254c RedrawWindow
Library: GDI32.dll:
0x412008 CreatePolygonRgn
0x41200c CreateRectRgn
0x412010 CombineRgn
0x412014 FillRgn
0x412018 FrameRgn
0x41201c DeleteObject
0x412020 CreateSolidBrush
0x412024 Rectangle
0x412028 GetTextMetricsA
0x412030 Polygon
0x412034 GetObjectA
0x412038 CreateFontIndirectA
0x41203c GetStockObject
0x412040 CreateRoundRectRgn
Library: SHELL32.dll:
0x412498 ShellExecuteA
Library: COMCTL32.dll:
Library: WS2_32.dll:
0x412554 getpeername
0x412558 WSAIoctl
0x41255c setsockopt
0x412560 WSAAccept
0x412564 WSASend
0x412568 shutdown
0x41256c WSACleanup
0x412570 listen
0x412574 bind
0x412578 htons
0x41257c htonl
0x412580 WSASocketA
0x412584 inet_ntoa
0x412588 gethostbyname
0x41258c gethostname
0x412590 WSAGetLastError
0x412594 WSAStartup
0x412598 closesocket
0x41259c WSARecv

No antivirus engine scan information.

Process Tree


__________________.exe, PID: 2452, parent PID: 2300

Hosts Contacted

No host records.

TCP

No TCP connection records.

UDP

No UDP connection records.

Domain Resolution

No domain information.

TCP

No TCP connection records.

UDP

No UDP connection records.

HTTP Requests

No HTTP requests found.

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results.

Network Alerts

No alerts.

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
No dropped files.
No similar analyses found.

Processing ( 15.734 seconds )

  • 7.558 VirusTotal
  • 5.165 Static
  • 2.046 TargetInfo
  • 0.491 peid
  • 0.238 NetworkAnalysis
  • 0.13 AnalysisInfo
  • 0.086 BehaviorAnalysis
  • 0.014 Strings
  • 0.003 Memory
  • 0.003 config_decoder

Signatures ( 0.404 seconds )

  • 0.236 md_bad_drop
  • 0.025 antiav_detectreg
  • 0.021 md_domain_bl
  • 0.021 md_url_bl
  • 0.011 infostealer_ftp
  • 0.007 anomaly_persistence_autorun
  • 0.007 antiav_detectfile
  • 0.007 ransomware_extensions
  • 0.007 ransomware_files
  • 0.006 infostealer_im
  • 0.005 infostealer_bitcoin
  • 0.004 infostealer_mail
  • 0.003 tinba_behavior
  • 0.003 api_spamming
  • 0.003 stealth_timeout
  • 0.003 antivm_vbox_files
  • 0.003 geodo_banking_trojan
  • 0.003 disables_browser_warn
  • 0.002 stealth_decoy_document
  • 0.002 rat_nanocore
  • 0.002 cerber_behavior
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.001 betabot_behavior
  • 0.001 ursnif_behavior
  • 0.001 kibex_behavior
  • 0.001 shifu_behavior
  • 0.001 antivm_generic_diskreg
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 darkcomet_regkeys
  • 0.001 office_security
  • 0.001 rat_spynet
  • 0.001 recon_fingerprint
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_uac_prompt

Reporting ( 1.113 seconds )

  • 0.909 ReportHTMLSummary
  • 0.204 Malheur
Task ID 234135
Mongo ID 5c4618832f8f2e05c65a3bf6
Cuckoo release 1.4-Maldun